package caps
import (
"errors"
)
// Capabilities is a set of capability names, keyed by name, with an int
// stored under each name. The code in this file only tests whether a key is
// present; it never reads the int.
// NOTE(review): the meaning of the int (flag, level, count) is not established
// in this file; confirm it against the code that enforces capabilities.
type Capabilities map[string]int
// Capability names. Each constant's string value is the key used in a
// Capabilities map and in the allow-lists userCaps and VMAccessCaps.
//
// NOTE(review): the _ANY suffix presumably grants the action on every object
// of that kind rather than only on objects the holder has been given access
// to; confirm against the enforcement code, which is not in this file.
const (
	// User administration. Only CAP_USER_CREATE carries an explicit string
	// type; the remaining constants are untyped string constants.
	CAP_USER_CREATE   string = "USER_CREATE"
	CAP_USER_DESTROY         = "USER_DESTROY"
	CAP_USER_SET_CAPS        = "USER_SET_CAPS"
	CAP_USER_SET_PWD         = "USER_SET_PWD"
	CAP_USER_LIST            = "USER_LIST"

	// Virtual machine lifecycle, configuration and filesystem access.
	CAP_VM_LIST           = "VM_LIST"
	CAP_VM_LIST_ANY       = "VM_LIST_ANY"
	CAP_VM_START          = "VM_START"
	CAP_VM_START_ANY      = "VM_START_ANY"
	CAP_VM_STOP           = "VM_STOP"
	CAP_VM_STOP_ANY       = "VM_STOP_ANY"
	CAP_VM_REBOOT         = "VM_REBOOT"
	CAP_VM_REBOOT_ANY     = "VM_REBOOT_ANY"
	CAP_VM_CREATE         = "VM_CREATE"
	CAP_VM_DESTROY        = "VM_DESTROY"
	CAP_VM_DESTROY_ANY    = "VM_DESTROY_ANY"
	CAP_VM_EDIT           = "VM_EDIT"
	CAP_VM_EDIT_ANY       = "VM_EDIT_ANY"
	CAP_VM_SET_ACCESS     = "VM_SET_ACCESS"
	CAP_VM_SET_ACCESS_ANY = "VM_SET_ACCESS_ANY"
	CAP_VM_READFS         = "VM_READFS"
	CAP_VM_READFS_ANY     = "VM_READFS_ANY"
	CAP_VM_WRITEFS        = "VM_WRITEFS"
	CAP_VM_WRITEFS_ANY    = "VM_WRITEFS_ANY"

	// Templates.
	CAP_TPL_CREATE      = "TPL_CREATE"
	CAP_TPL_EDIT        = "TPL_EDIT"
	CAP_TPL_EDIT_ANY    = "TPL_EDIT_ANY"
	CAP_TPL_LIST        = "TPL_LIST"
	CAP_TPL_LIST_ANY    = "TPL_LIST_ANY"
	CAP_TPL_DESTROY     = "TPL_DESTROY"
	CAP_TPL_DESTROY_ANY = "TPL_DESTROY_ANY"
	CAP_TPL_READFS      = "TPL_READFS"
	CAP_TPL_READFS_ANY  = "TPL_READFS_ANY"
)
// userCaps is the allow-list of capability names accepted in a user's
// configuration; IsUserCapValid tests membership in it. Every entry carries
// the value 1, and the lookups in this file only test whether the key exists.
//
// For VM operations other than create and set-access, only the _ANY forms are
// listed here; the unsuffixed forms are listed in VMAccessCaps instead.
// CAP_VM_SET_ACCESS is listed in both tables.
//
// NOTE(review): CAP_USER_SET_PWD is declared as a constant but is not listed
// here, so IsUserCapValid("USER_SET_PWD") returns false and ValidateUserCaps
// rejects any set containing it. Confirm whether that omission is intended.
var userCaps = Capabilities{
	// User administration.
	CAP_USER_CREATE:   1,
	CAP_USER_DESTROY:  1,
	CAP_USER_SET_CAPS: 1,
	CAP_USER_LIST:     1,

	// Virtual machines.
	CAP_VM_CREATE:         1,
	CAP_VM_LIST_ANY:       1,
	CAP_VM_START_ANY:      1,
	CAP_VM_STOP_ANY:       1,
	CAP_VM_REBOOT_ANY:     1,
	CAP_VM_EDIT_ANY:       1,
	CAP_VM_DESTROY_ANY:    1,
	CAP_VM_SET_ACCESS:     1,
	CAP_VM_SET_ACCESS_ANY: 1,
	CAP_VM_READFS_ANY:     1,
	CAP_VM_WRITEFS_ANY:    1,

	// Templates.
	CAP_TPL_CREATE:      1,
	CAP_TPL_LIST:        1,
	CAP_TPL_LIST_ANY:    1,
	CAP_TPL_EDIT:        1,
	CAP_TPL_EDIT_ANY:    1,
	CAP_TPL_DESTROY:     1,
	CAP_TPL_DESTROY_ANY: 1,
	CAP_TPL_READFS:      1,
	CAP_TPL_READFS_ANY:  1,
}
// VMAccessCaps is the allow-list of capability names accepted in a VM's
// access configuration; IsVMAccessCapValid tests membership in it. It holds
// only the unsuffixed VM capabilities, none of the _ANY forms, and no user or
// template capability.
//
// NOTE(review): unlike userCaps this map is exported, and a Go map can be
// modified through any reference to it, so code in other packages can add or
// delete entries and thereby change what IsVMAccessCapValid accepts. Confirm
// that no importer writes to it, or consider exposing it read-only.
var VMAccessCaps = Capabilities{
	CAP_VM_LIST:       1,
	CAP_VM_START:      1,
	CAP_VM_STOP:       1,
	CAP_VM_REBOOT:     1,
	CAP_VM_EDIT:       1,
	CAP_VM_DESTROY:    1,
	CAP_VM_SET_ACCESS: 1,
	CAP_VM_READFS:     1,
	CAP_VM_WRITEFS:    1,
}
// IsUserCapValid reports whether cap is a key of the userCaps allow-list.
// The comparison is an exact string match on the key, so a name that differs
// in case or carries surrounding whitespace is not accepted. The value stored
// under the key is not consulted.
func IsUserCapValid(cap string) bool {
	if _, known := userCaps[cap]; !known {
		return false
	}
	return true
}
// IsVMAccessCapValid reports whether cap is a key of the VMAccessCaps
// allow-list. The comparison is an exact string match on the key, and the
// value stored under the key is not consulted. The answer reflects the map's
// contents at the time of the call.
func IsVMAccessCapValid(cap string) bool {
	if _, known := VMAccessCaps[cap]; !known {
		return false
	}
	return true
}
// ValidateUserCaps checks every key of caps with IsUserCapValid. It returns
// an error naming a key that is not accepted, or nil when every key is
// accepted (which includes an empty or nil caps).
//
// Only the keys are checked; the int stored under each key is not inspected.
// NOTE(review): entries with a zero or negative value therefore pass; confirm
// that the code consuming a validated set interprets such values as intended.
//
// Map iteration order is unspecified, so when caps holds several rejected
// names the one reported may differ from call to call. The rejected name is
// copied verbatim into the error text.
// NOTE(review): if caps comes from a request, callers that log or display the
// error should treat that text as untrusted input.
func ValidateUserCaps(caps Capabilities) error {
	for name := range caps {
		if IsUserCapValid(name) {
			continue
		}
		return errors.New("Invalid capability: " + name)
	}
	return nil
}
// ValidateVMAccessCaps checks every key of caps with IsVMAccessCapValid. It
// returns an error naming a key that is not accepted, or nil when every key
// is accepted (which includes an empty or nil caps).
//
// Only the keys are checked; the int stored under each key is not inspected.
// NOTE(review): entries with a zero or negative value therefore pass; confirm
// that the code consuming a validated set interprets such values as intended.
//
// Map iteration order is unspecified, so when caps holds several rejected
// names the one reported may differ from call to call. The rejected name is
// copied verbatim into the error text.
// NOTE(review): if caps comes from a request, callers that log or display the
// error should treat that text as untrusted input.
func ValidateVMAccessCaps(caps Capabilities) error {
	for name := range caps {
		if IsVMAccessCapValid(name) {
			continue
		}
		return errors.New("Invalid capability: " + name)
	}
	return nil
}